feat(cli): support manual signing on build command

cli/src/config.ts

@@ -267,7 +267,12 @@ async function loadIOSConfig(rootDir: string, extConfig: ExternalConfig): Promis
   const podPath = lazy(() => determineGemfileOrCocoapodPath(rootDir, platformDirAbs, nativeProjectDirAbs));
   const webDirAbs = lazy(() => determineIOSWebDirAbs(nativeProjectDirAbs, nativeTargetDirAbs, nativeXcodeProjDirAbs));
   const cordovaPluginsDir = 'capacitor-cordova-ios-plugins';
-
+  const buildOptions = {
+    xcodeExportMethod: extConfig.ios?.buildOptions?.exportMethod,
+    xcodeSigningStyle: extConfig.ios?.buildOptions?.signingStyle,
+    signingCertificate: extConfig.ios?.buildOptions?.signingCertificate,
+    provisioningProfile: extConfig.ios?.buildOptions?.provisioningProfile,
+  };
   return {
     name,
     minVersion: '14.0',
@@ -287,6 +292,7 @@ async function loadIOSConfig(rootDir: string, extConfig: ExternalConfig): Promis
     webDir: lazy(async () => relative(platformDirAbs, await webDirAbs)),
     webDirAbs,
     podPath,
+    buildOptions,
   };
 }
 

cli/src/declarations.ts

@@ -478,6 +478,35 @@ export interface CapacitorConfig {
      * @default true
      */
     initialFocus?: boolean;
+
+    buildOptions?: {
+      /**
+       * The signing style to use when building the app for distribution.
+       *
+       * @since 7.0.0
+       * @default 'automatic'
+       */
+      signingStyle?: 'automatic' | 'manual';
+      /**
+       * The method used by xcodebuild to export the archive
+       *
+       * @since 7.0.0
+       * @default 'debugging'
+       */
+      exportMethod?: string;
+      /**
+       * A certificate name, SHA-1 hash, or automatic selector to use for signing for iOS builds.
+       *
+       * @since 7.0.0
+       */
+      signingCertificate?: string;
+      /**
+       * A provisioning profile name or UUID for iOS builds.
+       *
+       * @since 7.0.0
+       */
+      provisioningProfile?: string;
+    };
   };
 
   server?: {

cli/src/definitions.ts

@@ -101,6 +101,16 @@ export interface AndroidConfig extends PlatformConfig {
   };
 }
 
+export enum XcodeExportMethod {
+  AppStoreConnect = 'app-store-connect',
+  ReleaseTesting = 'release-testing',
+  Enterprise = 'enterprise',
+  Debugging = 'debugging',
+  DeveloperID = 'developer-id',
+  MacApplication = 'mac-application',
+  Validation = 'validation',
+}
+
 export interface IOSConfig extends PlatformConfig {
   readonly cordovaPluginsDir: string;
   readonly cordovaPluginsDirAbs: string;
@@ -117,6 +127,13 @@ export interface IOSConfig extends PlatformConfig {
   readonly nativeXcodeProjDirAbs: string;
   readonly nativeXcodeWorkspaceDir: Promise<string>;
   readonly nativeXcodeWorkspaceDirAbs: Promise<string>;
+  readonly buildOptions: {
+    teamId?: string;
+    exportMethod?: XcodeExportMethod;
+    xcodeSigningStyle?: 'automatic' | 'manual';
+    signingCertificate?: string;
+    provisioningProfile?: string;
+  };
 }
 
 export type WebConfig = PlatformConfig;

cli/src/index.ts

@@ -147,6 +147,41 @@ export function runProgram(config: Config): void {
         'jarsigner',
       ]),
     )
+    .addOption(
+      new Option('--xcode-team-id <xcodeTeamID>', 'The Developer team to use for building and exporting the archive'),
+    )
+    .addOption(
+      new Option(
+        '--xcode-export-method <xcodeExportMethod>',
+        'Describes how xcodebuild should export the archive (default:  app-store-connect)',
+      ).choices([
+        'app-store-connect',
+        'release-testing',
+        'enterprise',
+        'debugging',
+        'developer-id',
+        'mac-application',
+        'validation',
+      ]),
+    )
+    .addOption(
+      new Option(
+        '--xcode-signing-style <xcodeSigningStyle>',
+        'The iOS signing style to use when building the app for distribution (default: automatic)',
+      ).choices(['automatic', 'manual']),
+    )
+    .addOption(
+      new Option(
+        '--xcode-signing-certificate <xcodeSigningCertificate>',
+        'A certificate name, SHA-1 hash, or automatic selector to use for signing for iOS builds',
+      ),
+    )
+    .addOption(
+      new Option(
+        '--xcode-provisioning-profile <xcodeProvisioningProfile>',
+        'A provisioning profile name or UUID for iOS builds',
+      ),
+    )
     .action(
       wrapAction(
         telemetryAction(
@@ -163,6 +198,11 @@ export function runProgram(config: Config): void {
               androidreleasetype,
               signingType,
               configuration,
+              xcodeTeamId,
+              xcodeExportMethod,
+              xcodeSigningStyle,
+              xcodeSigningCertificate,
+              xcodeProvisioningProfile,
             },
           ) => {
             const { buildCommand } = await import('./tasks/build');
@@ -176,6 +216,11 @@ export function runProgram(config: Config): void {
               androidreleasetype,
               signingtype: signingType,
               configuration,
+              xcodeTeamId,
+              xcodeExportMethod,
+              xcodeSigningType: xcodeSigningStyle,
+              xcodeSigningCertificate,
+              xcodeProvisioningProfile,
             });
           },
         ),

cli/src/ios/build.ts

@@ -3,9 +3,9 @@ import { basename, join } from 'path';
 import { rimraf } from 'rimraf';
 
 import { runTask } from '../common';
-import type { Config } from '../definitions';
+import { XcodeExportMethod, type Config } from '../definitions';
 import { logSuccess } from '../log';
-import type { BuildCommandOptions } from '../tasks/build';
+import { type BuildCommandOptions } from '../tasks/build';
 import { checkPackageManager } from '../util/spm';
 import { runCommand } from '../util/subprocess';
 
@@ -25,59 +25,84 @@ export async function buildiOS(config: Config, buildOptions: BuildCommandOptions
     projectName = basename(await config.ios.nativeXcodeProjDirAbs);
   }
 
+  if (
+    buildOptions.xcodeSigningType == 'manual' &&
+    (!buildOptions.xcodeSigningCertificate || !buildOptions.xcodeProvisioningProfile)
+  ) {
+    throw 'Manually signed Xcode builds require a signing certificate and provisioning profile.';
+  }
+
+  const buildArgs = [
+    typeOfBuild,
+    projectName,
+    '-scheme',
+    `${theScheme}`,
+    '-destination',
+    `generic/platform=iOS`,
+    '-archivePath',
+    `${theScheme}.xcarchive`,
+    'archive',
+  ];
+
+  if (buildOptions.xcodeTeamId) {
+    buildArgs.push(`DEVELOPMENT_TEAM=${buildOptions.xcodeTeamId}`);
+  }
+
+  if (buildOptions.xcodeSigningType == 'manual') {
+    buildArgs.push(`PROVISIONING_PROFILE_SPECIFIER=${buildOptions.xcodeProvisioningProfile}`);
+  }
+
   await runTask('Building xArchive', async () =>
-    runCommand(
-      'xcodebuild',
-      [
-        typeOfBuild,
-        projectName,
-        '-scheme',
-        `${theScheme}`,
-        '-destination',
-        `generic/platform=iOS`,
-        '-archivePath',
-        `${theScheme}.xcarchive`,
-        'archive',
-      ],
-      {
-        cwd: config.ios.nativeProjectDirAbs,
-      },
-    ),
+    runCommand('xcodebuild', buildArgs, {
+      cwd: config.ios.nativeProjectDirAbs,
+    }),
   );
 
+  const manualSigningContents = `<key>provisioningProfiles</key>
+<dict>
+<key>${config.app.appId}</key>
+<string>${buildOptions.xcodeProvisioningProfile ?? ''}</string>
+</dict>
+<key>signingCertificate</key>
+<string>${buildOptions.xcodeSigningCertificate ?? ''}</string>`;
+
   const archivePlistContents = `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 <key>method</key>
-<string>app-store-connect</string>
+<string>${buildOptions.xcodeExportMethod ?? XcodeExportMethod.Debugging}</string>
+<key>signingStyle</key>
+<string>${buildOptions.xcodeSigningType}</string>
+${buildOptions.xcodeSigningType == 'manual' ? manualSigningContents : ''}
 </dict>
 </plist>`;
 
   const archivePlistPath = join(`${config.ios.nativeProjectDirAbs}`, 'archive.plist');
 
   writeFileSync(archivePlistPath, archivePlistContents);
 
+  const archiveArgs = [
+    'archive',
+    '-archivePath',
+    `${theScheme}.xcarchive`,
+    '-exportArchive',
+    '-exportOptionsPlist',
+    'archive.plist',
+    '-exportPath',
+    'output',
+    '-configuration',
+    buildOptions.configuration,
+  ];
+
+  if (buildOptions.xcodeSigningType == 'automatic') {
+    archiveArgs.push('-allowProvisioningUpdates');
+  }
+
   await runTask('Building IPA', async () =>
-    runCommand(
-      'xcodebuild',
-      [
-        'archive',
-        '-archivePath',
-        `${theScheme}.xcarchive`,
-        '-exportArchive',
-        '-exportOptionsPlist',
-        'archive.plist',
-        '-exportPath',
-        'output',
-        '-allowProvisioningUpdates',
-        '-configuration',
-        buildOptions.configuration,
-      ],
-      {
-        cwd: config.ios.nativeProjectDirAbs,
-      },
-    ),
+    runCommand('xcodebuild', archiveArgs, {
+      cwd: config.ios.nativeProjectDirAbs,
+    }),
   );
 
   await runTask('Cleaning up', async () => {

cli/src/tasks/build.ts

@@ -1,6 +1,7 @@
 import { buildAndroid } from '../android/build';
 import { selectPlatforms, promptForPlatform } from '../common';
 import type { Config } from '../definitions';
+import { XcodeExportMethod } from '../definitions';
 import { fatal, isFatal } from '../errors';
 import { buildiOS } from '../ios/build';
 
@@ -14,6 +15,11 @@ export interface BuildCommandOptions {
   androidreleasetype?: 'AAB' | 'APK';
   signingtype?: 'apksigner' | 'jarsigner';
   configuration: string;
+  xcodeTeamId?: string;
+  xcodeExportMethod?: XcodeExportMethod;
+  xcodeSigningType?: 'automatic' | 'manual';
+  xcodeSigningCertificate?: string;
+  xcodeProvisioningProfile?: string;
 }
 
 export async function buildCommand(
@@ -42,6 +48,12 @@ export async function buildCommand(
     androidreleasetype: buildOptions.androidreleasetype || config.android.buildOptions.releaseType || 'AAB',
     signingtype: buildOptions.signingtype || config.android.buildOptions.signingType || 'jarsigner',
     configuration: buildOptions.configuration || 'Release',
+    xcodeTeamId: buildOptions.xcodeTeamId || config.ios.buildOptions.teamId,
+    xcodeExportMethod:
+      buildOptions.xcodeExportMethod || config.ios.buildOptions.exportMethod || XcodeExportMethod.AppStoreConnect,
+    xcodeSigningType: buildOptions.xcodeSigningType || config.ios.buildOptions.xcodeSigningStyle || 'automatic',
+    xcodeSigningCertificate: buildOptions.xcodeSigningCertificate || config.ios.buildOptions.signingCertificate,
+    xcodeProvisioningProfile: buildOptions.xcodeProvisioningProfile || config.ios.buildOptions.provisioningProfile,
   };
 
   try {

cli/src/tasks/copy.ts

@@ -154,6 +154,7 @@ async function copyCapacitorConfig(config: Config, nativeAbsDir: string) {
 
   await runTask(`Creating ${c.strong(nativeConfigFile)} in ${nativeRelDir}`, async () => {
     delete (config.app.extConfig.android as any)?.buildOptions;
+    delete (config.app.extConfig.ios as any)?.buildOptions;
     await writeJSON(nativeConfigFilePath, config.app.extConfig, {
       spaces: '\t',
     });